Role for display Authorizations

Hi All,
We need to know if thre are any standard Roles available by which i can have all Display authorizations in Production system.
Currently we have many Custom roles and this thisng is really messed up in our organization. So i have suggested to Standardized the role related issues and starting with MM, i would like to know if in production we can have access with all Disply rights for all relevant authorizations along with SPRO display. Can anyone suggest something on this?
Also if we need to create some "Z" or "Y" role; please suggest how we can achieve it.
thanks a lot in advance!
Prashant

Hi Prashanth,
First identify all the transactions which you want to have to give display authorization.
Go to PFCG--> Enter All transactions which everyou want to give authorization for display.
Save.
Go to Authorization tab check for objects vreated for relevant transactions and provide display as activity in those objects.
With Regards,
Vijaykumar P

Similar Messages

  • Built a new role with DISPLAY authorizations in MM

    Hi All,
    I have been given a task to create a role for MM (Materials Management) Display only.
    What i have done is from pfcg created a role and in the menu tab i selected copy menus from sap menu and now i have to maintain authorizations.
    when i go to authorizations tab and change role authorizations there are somany objects that need to be maintained for example Basis,controlling, FI,MM,PM,SD.
    can some one please tell me what need to be maintained and what tcodes need to be assigned to this role (for MM ).
    Many thanks for your time and help.
    Havent Been given any tcodes****
    Kind Regards,
    Vamsi.
    Edited by: vamsi koganti on Apr 8, 2008 5:53 AM

    Hi,
    depend on what t-codes you defined, the oject class and authorization objects maybe vary.
    there is no exact predefined template for your purpose, but common authorization class that relate to MM are :
    MM_B
    MM_D
    MM_E
    MM_G
    MM_L
    MM_R
    MM_S
    MM_W
    any other object class, in example SD for SD modules depend t-codes that you have assigned.
    if you don't understand what value to be set, ask your BASIS or other functional, if they don't understand too, try to inactivate it and try to login. if you are facing unauthorized one, try /nSU53 to determine what authorization is missing.
    rgds,
    alfonsus guritno

  • Generic role for Display

    All,
    I don't think that this is an "issue" but it is definitely something of a convenience problem. Our company has about 50 stores and each of them would have 2-3 generic role for a generic display login.
    I have been asked to create a role in such a way that store A cannot see the inventory /  data of store B. Now we can have 50 different roles for 50 stores and change the Store Numbers (Company) in the  Authorization Objects (Again, Im assuming that this would work..not sure though). But this would be cumbersome to create and manage. Besides each store gets about 3 different roles which makes it at least 150 roles.
    Is there any other way to do this. I hope I'm being clear about what is needed. I need just 1 generic role assigned to all the stores, but they still should not be able to see each other's information.
    Thanks,
    Kunal

    Hi Kunal,
    Putting aside any thoughts of a generic login for the time being (you might want to check your licence terms) then there are are a few ways that you can achieve this.
    Most straightforward would be to use derived roles.  Create your 3 master roles and then derive them at the lower level - 1 per company (if you data can be adequately segregated that way - you need to make sure that it can!). 
    If you are only differentiating on company and there is one company per role then you could script the creation of this pretty easily and populate the org levels using a CATT script (tutorial on ********************* ).  If you are on ECC6 then to be honest eCATTs will take rather longer to get working for org levels than it would take to build your 150 variants.
    You could use enabler role method (use the search on terms "enabler role" or "value role") but to be honest the reduced number of variants you will need to build is going to be outweighed by the complexity of the solution.

  • Authorization roles for display access to PD transactions

    Hi all,
    There is a requirement to create a new security role to allow display access to PD transactions :
    > Organisational and Staffing Display PPOSE,
    > Display Position PO13D,
    > Display Organisational Unit P010D
    With this role, display access needs to be restricted to view organisation units and positions within the line of business where the position with this security role sits, eg position is within Direct Sales and Service 55001641 therefore they can only view organisational structures that report through to this top org unit.
    Any inputs regarding this would be appreciated.
    Regards,
    Manasee

    Try with  object 'S_ENQUE' and ID 'S_ENQ_ACT'...
    Hope it helps!
    Bye,
    Roberto

  • Double Role for Analysis Authorization using Variable via Customer Exit

    Hi Guys I have been implementing AA using variable via customer exit and I have run into this problem, I wonder anyone have encountered this.
    Example I have a User having 2 sets of authorization Roles
    Role 1
    Personnel Area = A, B
    Personnel Sub Area = 1,
    Role 2
    Personnel Area = A
    Personnel Sub Area = 1, 2
    And what we can derive this that is the user is able to see A-1 B-1 and A-2 BUT NOT B-2 when we run all.
    But instate when we run the report it is drawing B-2 as well as because we are entering
    Personnel Area = A,B
    Personnel Sub area = 1,2
    Any idea how to solve this?
    <removed by moderator>
    Edited by: Siegfried Szameitat on Dec 3, 2008 2:41 PM

    Hello Chee Jason,
    Are you working with version 3.5 or 7.0
    How do you specify Hierarchy variable?
    Any advise you can share is very much appreciated.
    Thanks,
    Patrick

  • Roles  for only display authorizations

    Hi Experts,
    Can any one suggest me how to creat the role only for display authorizations for basis.
    Is any standard role like this? if it is please let me know.
    Thanks & Regards.
    Reddy V

    n k wrote:>
    > Hi,
    >
    > just give the tcodes required with the display activity, that is 03.
    I consider that to be dangerous advice because it assumes that activities are checked in all transactions.

  • Display authorization for all modules Including Basis.

    Hi All,
    Is there any Role or profile for display authorization for sap modules .
    Regards,
    Eswar.

    Dear,
    That ROLE will be SAP_ALL_DISPLAY
    "what is to be done"
    just assign the role to the display user via SU01
    Hope this help!
    Also refer this ,
    DISPLAY ONLY AUTHORIZATION
    Regards,
    R.Brahmankar

  • How to create authorization role for just displaying query prefix Q and X.

    Hi Expert,
    I hope someone can help me on how to create authorization role for just displaying and executing  BEX  Queries prefix Q and X. I'm currently using SAP BI 7.1.
    Actually, I already created one role called : Z_FORINDO_ONLYDISPLAY_QX
    where I only put in the Authorization Component (in the Role Maintenance - Tcode 'pfcg'):
    -->Manually Business Information Warehouse
        --> Manually Business Explorer - Components
    Activity : Display, Execute, Enter, Include, Assign
    InfoArea : *
    InfoCube : *
    Name(ID) of a reporting component : *
    Type of a reporting component : Calculated key figure, Restricted key figure, Template structure
        --> Manually Business Explorer - Components
    Activity : Display, Execute
    InfoArea : *
    InfoCube : *
    Name(ID) of a reporting component : Q* , X*
    Type of a reporting component : Query
    But, the problem is I still can make changes on that queries (Q* and X*). Even, I still can run query with prefix Z. I use S_RS_RREPU Tamplete for Query Display and execution.
    Please assist. Very much appreciate your help. Thanks.
    Edited by: nadiyah salleh on Mar 18, 2008 11:22 AM

    Question close. This issue has been resolved.

  • Help Required in Authorization Roles for Workbooks

    Hi All,
    In our project, we have a requirement of creating a role for users with below authorizations.
    1.     Can display and execute the workbooks in the role menu.
    2.     Can create copy workbooks ( Save as) in the role menu.
    3.     Can not delete the original and the copy workbooks from role menu.
    We are using an authorization object S_RS_FOLD with u2018FALSEu2019 for restricting the user from deleting workbooks.
    We also need to add one more object S_USER_AGR (without u2018Deleteu2019 property) to give the authorization of creating copy workbooks in the role menu.
    Object S_RS_FOLD this is working fine without S_USER_AGR. But after adding S_USER_AGR (without delete property), user is again able to delete the workbooks.
    So how can we achieve both the functionalities where user can not delete the workbook but can create copy workbooks in the role menu.
    Thanks,
    Sachin

    Re: Adding report (query & workbook, templates) in roles
    Go through this thread.
    And in our Project we have created one role for accessing workbooks. in that end user can access the work book but saved one and user cannot resave or delete the work book.
    we have added Auth objects S_TCODE and S_GUI.
    in S_TCODE we have added RRMX and in S_GUI we have given 60(IMPORT) access to the users.
    So that they can just share the workbook. nothing else can be done.
    Try like this. Hope this would help you.

  • HR authorization for Display the documents  in SAP DMS

    HI experts,
    We want to control display authorization depending on the entry made in object link tab in DMS( DOcument Management System). We developed screen for HR master object link. When user executes cv03n and enters document No. system should check hr master number entered in object link. If the user has authorization for that hr master number in PA (personnel administration), then he should be allowed to display the document. Otherwise it should restrict him to display the DIR.
    Now my query is how to achieve it. Can anybody provide me some solutions
    I have one solution, whenever user enter document number in cv03n screen, system will first check hr master number entered in object link and it will check the Personnel Area, Employee group and employee subgroup aginst this hr master number. Say for ex: PA:1000, EG:1 and ESG:01 for HR number xyz.
    Now system should check in roles assigned agaist user id for these PA, EG and ESG values. If user has got authorization for PA:1000, EG:1 and ESG:01 in HR roles,then he should allowed to display the document.
    Now my query is how feasible this approach? is this tough task for abaper? or is there any easier approach than this.
    regards
    sham

    Hi,
    Try to use the User Exit: CNEX0002.
    Check with your ABAP er for the enhancement.
    Hope it helps..
    Thanks!!!

  • Display Authorization for MASSD

    Hi,
    There is a requirement for giving a user only display authorizations for MASSD.
    I've tried various combinations of objects, however have been unsuccessful so far..
    Pls. help.
    Thanks,
    Saba.

    Hi Saba,
    the proposals (values maintained in SU24) should save time to role administrators.
    The developers maintain those values which make sense in their eyes. As example if they provide a transaction for creation of an item, they propably would maintain the activity 01, for a display transaction actvt=03 and so on. That will save time to admins, as they would not have to enter the values once more (compared to an empty field....). Of course, that proposals are still proposals only!
    For complex transactions it makes sense, to have a proposal of which authorization objects are necessary to be able to execute that transaction.
    Maybe you can remember the old procedure before pfcg had been invented - it was hard work first to identify all the objects checked with its values, then create the corresponding authorizations in SU03, then create the corr. profiles in SU02 and finally assign that profiles to users in SU01. That was really time consuming....
    So the invention of pfcg opened a very comfortable and quick possibility for that tasks with a high range of automatism. Of course this automatism can only be as good as the values which are behind it. So having accurate SU24 settings help a lot.
    So enjoy pfcg
    b.rgds, Bernhard

  • AUTHORIZATION FOR DISPLAY ONLY

    Hi Friends,
    As per your advices I have copied the SAP_ALL_DISPLAY and changed the ACTVT field to 03 for having the Display mode for all the transactions used..
    But still there are sone transaction where the user can change like FB 02 ,schedule background jobs etc..
    When I have checked the SU24 for the Auth objects...
    Some contain the ACTVT fileds as display but some objects does not have the ACTVT fields they have some other things containing the field values as * with full authorization..
    My question is can we change this to 3 - for display or any other procedure to track the transactions which are not in display mode and change it accordingly..
    Regds,
    Satyanarayana N.

    Hi Satyanarayana,
    Unfortunately your best shot will be checking the whole role manually using PFCG and ensure that the role doesn't contain any additional authorizations. Do this by reviewing all the authorization objects.
    Regards
    Juan

  • New role creation for display

    Hi,
    We want to create a role such that the users can see only the pricing but not the costing, for sales quotations and orders, for a particular distribution channel?
    Regards,
    Ajit

    Hi Ajit,
    If you wish to create a new Role, Use T. Code: PFCG.
    Once created assign the same role in to User's Profile Via T. Code: SU01.
    Here itself, in Authorization you may add T. Codes (for Display) and also define/ restrict User's view/ access to Sales Area data (i.e. Distribution Channel).
    Better to take help from Basis-Administrator as its purely Basis-job.
    Best Regards,
    Amit.

  • WEB UI- only Display authorization for LEADS to users

    Hi Gurus,
    I have a requirement like i need to give only display authorizations for users to leads.
    I have created a new business role and assigned only search links. but in that search link we have Create New option. How i need to disable this.
    Users needs only display authorizations for Leads.
    Waiting for reply...
    Regards,
    Ajay.

    Hi Ajay,
    First of all, It is possible to disable the New button on the Search page without any code change. There is an SPRO setting which is to be done in order to achieve this.
    You might have created a new z navbar profile as you have created a new business role as per your business requirement.
    Lets take an example, you want to disable the New button on Contact Search Page. follow these steps:
    1.Go To T. code /ncrmc_ui_nblinks
    2. Select the Z navbar profile you have created for your business role
    3. Double Click on "Define Generic OP Mapping" in left hand side
    4. Select Object Type as BP_CONTACT and remove the Following entry
    BP_CONTACT     D Create     MD-BPCP-CR          MD-CONP-SR
    Please note the Obj. Action here D Create, if you remove this entry it means you are disabling the Create Action for this business role for object Contact.
    Hope this will help you.
    Regards
    Ajay

  • Authorization for display only in tx MIGO

    Dear Guru's,
    can we give an authorization for display (i.e.Display material document ) only in Tcode MIGO for particular user ,
    if possible please let us know the authorization object for the same.
    Thanks,
    Ashish.

    Hi,
    Create a custom profile via tcode PFCG.
    Add the required tcode 'MIGO' to the 'Menu' tab.
    Then goto 'Authorizations' and open expert mode for authorization. Here you can control the field values for authorization object. Once done, generate the profile and assign user to role along with user master comparison run.
    Regards,
    Srikishan

Maybe you are looking for